[thirdparty/nettle.git] / sha3.h

/* sha3.h

   The sha3 hash function (aka Keccak).

   Copyright (C) 2012 Niels Möller

   This file is part of GNU Nettle.

   GNU Nettle is free software: you can redistribute it and/or
   modify it under the terms of either:

     * the GNU Lesser General Public License as published by the Free
       Software Foundation; either version 3 of the License, or (at your
       option) any later version.

   or

     * the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your
       option) any later version.

   or both in parallel, as here.

   GNU Nettle is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received copies of the GNU General Public License and
   the GNU Lesser General Public License along with this program.  If
   not, see http://www.gnu.org/licenses/.
*/
 
#ifndef NETTLE_SHA3_H_INCLUDED
#define NETTLE_SHA3_H_INCLUDED

#include "nettle-types.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Name mangling */
#define sha3_permute nettle_sha3_permute
#define sha3_128_init nettle_sha3_128_init
#define sha3_128_update nettle_sha3_128_update
#define sha3_128_shake nettle_sha3_128_shake
#define sha3_128_shake_output nettle_sha3_128_shake_output
#define sha3_224_init nettle_sha3_224_init
#define sha3_224_update nettle_sha3_224_update
#define sha3_224_digest nettle_sha3_224_digest
#define sha3_256_init nettle_sha3_256_init
#define sha3_256_update nettle_sha3_256_update
#define sha3_256_digest nettle_sha3_256_digest
#define sha3_256_shake nettle_sha3_256_shake
#define sha3_256_shake_output nettle_sha3_256_shake_output
#define sha3_384_init nettle_sha3_384_init
#define sha3_384_update nettle_sha3_384_update
#define sha3_384_digest nettle_sha3_384_digest
#define sha3_512_init nettle_sha3_512_init
#define sha3_512_update nettle_sha3_512_update
#define sha3_512_digest nettle_sha3_512_digest

/* Indicates that SHA3 is the NIST FIPS 202 version. */
#define NETTLE_SHA3_FIPS202 1

/* The sha3 state is a 5x5 matrix of 64-bit words. In the notation of
   Keccak description, S[x,y] is element x + 5*y, so if x is
   interpreted as the row index and y the column index, it is stored
   in column-major order. */
#define SHA3_STATE_LENGTH 25

/* The "width" is 1600 bits or 200 octets */
struct sha3_state
{
  uint64_t a[SHA3_STATE_LENGTH];
};

void
sha3_permute (struct sha3_state *state);

/* The "capacity" is set to 2*(digest size), 512 bits or 64 octets.
   The "rate" is the width - capacity, or width - 2 * (digest
   size). */

#define SHA3_128_DIGEST_SIZE 16
#define SHA3_128_BLOCK_SIZE 168

#define SHA3_224_DIGEST_SIZE 28
#define SHA3_224_BLOCK_SIZE 144

#define SHA3_256_DIGEST_SIZE 32
#define SHA3_256_BLOCK_SIZE 136

#define SHA3_384_DIGEST_SIZE 48
#define SHA3_384_BLOCK_SIZE 104

#define SHA3_512_DIGEST_SIZE 64
#define SHA3_512_BLOCK_SIZE 72

/* For backwards compatibility */
#define SHA3_224_DATA_SIZE SHA3_224_BLOCK_SIZE
#define SHA3_256_DATA_SIZE SHA3_256_BLOCK_SIZE
#define SHA3_384_DATA_SIZE SHA3_384_BLOCK_SIZE
#define SHA3_512_DATA_SIZE SHA3_512_BLOCK_SIZE

struct sha3_128_ctx
{
  struct sha3_state state;
  unsigned index;
  uint8_t block[SHA3_128_BLOCK_SIZE];
};

void
sha3_128_init (struct sha3_128_ctx *ctx);

void
sha3_128_update (struct sha3_128_ctx *ctx,
		 size_t length,
		 const uint8_t *data);

void
sha3_128_shake (struct sha3_128_ctx *ctx,
		size_t length,
		uint8_t *digest);

void
sha3_128_shake_output (struct sha3_128_ctx *ctx,
		       size_t length,
		       uint8_t *digest);

struct sha3_224_ctx
{
  struct sha3_state state;
  unsigned index;
  uint8_t block[SHA3_224_BLOCK_SIZE];
};

void
sha3_224_init (struct sha3_224_ctx *ctx);

void
sha3_224_update (struct sha3_224_ctx *ctx,
		 size_t length,
		 const uint8_t *data);

void
sha3_224_digest(struct sha3_224_ctx *ctx,
		size_t length,
		uint8_t *digest);

struct sha3_256_ctx
{
  struct sha3_state state;
  unsigned index;
  uint8_t block[SHA3_256_BLOCK_SIZE];
};

void
sha3_256_init (struct sha3_256_ctx *ctx);

void
sha3_256_update (struct sha3_256_ctx *ctx,
		 size_t length,
		 const uint8_t *data);

void
sha3_256_digest(struct sha3_256_ctx *ctx,
		size_t length,
		uint8_t *digest);

/* Alternative digest function implementing shake256, with arbitrary
   digest size */
void
sha3_256_shake(struct sha3_256_ctx *ctx,
	       size_t length,
	       uint8_t *digest);

/* Unlike sha3_256_shake, this function can be called multiple times
   to retrieve output from shake256 in an incremental manner */
void
sha3_256_shake_output(struct sha3_256_ctx *ctx,
		      size_t length,
		      uint8_t *digest);

struct sha3_384_ctx
{
  struct sha3_state state;
  unsigned index;
  uint8_t block[SHA3_384_BLOCK_SIZE];
};

void
sha3_384_init (struct sha3_384_ctx *ctx);

void
sha3_384_update (struct sha3_384_ctx *ctx,
		 size_t length,
		 const uint8_t *data);

void
sha3_384_digest(struct sha3_384_ctx *ctx,
		size_t length,
		uint8_t *digest);

struct sha3_512_ctx
{
  struct sha3_state state;
  unsigned index;
  uint8_t block[SHA3_512_BLOCK_SIZE];
};

void
sha3_512_init (struct sha3_512_ctx *ctx);

void
sha3_512_update (struct sha3_512_ctx *ctx,
		 size_t length,
		 const uint8_t *data);

void
sha3_512_digest(struct sha3_512_ctx *ctx,
		size_t length,
		uint8_t *digest);

#ifdef __cplusplus
}
#endif

#endif /* NETTLE_SHA3_H_INCLUDED */
Commit	Line	Data
1c8cc9e9	1	/* sha3.h
90112edb NM	2
	3	The sha3 hash function (aka Keccak).
	4
	5	Copyright (C) 2012 Niels Möller
	6
	7	This file is part of GNU Nettle.
	8
	9	GNU Nettle is free software: you can redistribute it and/or
	10	modify it under the terms of either:
	11
	12	* the GNU Lesser General Public License as published by the Free
	13	Software Foundation; either version 3 of the License, or (at your
	14	option) any later version.
	15
	16	or
	17
	18	* the GNU General Public License as published by the Free
	19	Software Foundation; either version 2 of the License, or (at your
	20	option) any later version.
	21
	22	or both in parallel, as here.
	23
	24	GNU Nettle is distributed in the hope that it will be useful,
	25	but WITHOUT ANY WARRANTY; without even the implied warranty of
	26	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	27	General Public License for more details.
	28
	29	You should have received copies of the GNU General Public License and
	30	the GNU Lesser General Public License along with this program. If
	31	not, see http://www.gnu.org/licenses/.
	32	*/
1c8cc9e9 NM	33
	34	#ifndef NETTLE_SHA3_H_INCLUDED
	35	#define NETTLE_SHA3_H_INCLUDED
	36
	37	#include "nettle-types.h"
	38
	39	#ifdef __cplusplus
	40	extern "C" {
	41	#endif
	42
833d7496	43	/* Name mangling */
1c8cc9e9	44	#define sha3_permute nettle_sha3_permute
3271b8fa DU	45	#define sha3_128_init nettle_sha3_128_init
	46	#define sha3_128_update nettle_sha3_128_update
	47	#define sha3_128_shake nettle_sha3_128_shake
	48	#define sha3_128_shake_output nettle_sha3_128_shake_output
9cf94512 NM	49	#define sha3_224_init nettle_sha3_224_init
	50	#define sha3_224_update nettle_sha3_224_update
	51	#define sha3_224_digest nettle_sha3_224_digest
1c8cc9e9 NM	52	#define sha3_256_init nettle_sha3_256_init
	53	#define sha3_256_update nettle_sha3_256_update
	54	#define sha3_256_digest nettle_sha3_256_digest
64a6def6	55	#define sha3_256_shake nettle_sha3_256_shake
dd9e7cb1	56	#define sha3_256_shake_output nettle_sha3_256_shake_output
9cf94512 NM	57	#define sha3_384_init nettle_sha3_384_init
	58	#define sha3_384_update nettle_sha3_384_update
	59	#define sha3_384_digest nettle_sha3_384_digest
	60	#define sha3_512_init nettle_sha3_512_init
	61	#define sha3_512_update nettle_sha3_512_update
	62	#define sha3_512_digest nettle_sha3_512_digest
1c8cc9e9	63
833d7496 NM	64	/* Indicates that SHA3 is the NIST FIPS 202 version. */
	65	#define NETTLE_SHA3_FIPS202 1
	66
1c8cc9e9 NM	67	/* The sha3 state is a 5x5 matrix of 64-bit words. In the notation of
	68	Keccak description, S[x,y] is element x + 5*y, so if x is
	69	interpreted as the row index and y the column index, it is stored
	70	in column-major order. */
	71	#define SHA3_STATE_LENGTH 25
	72
	73	/* The "width" is 1600 bits or 200 octets */
	74	struct sha3_state
	75	{
	76	uint64_t a[SHA3_STATE_LENGTH];
	77	};
	78
	79	void
	80	sha3_permute (struct sha3_state *state);
	81
1c8cc9e9 NM	82	/* The "capacity" is set to 2*(digest size), 512 bits or 64 octets.
	83	The "rate" is the width - capacity, or width - 2 * (digest
	84	size). */
	85
3271b8fa DU	86	#define SHA3_128_DIGEST_SIZE 16
	87	#define SHA3_128_BLOCK_SIZE 168
	88
1c8cc9e9	89	#define SHA3_224_DIGEST_SIZE 28
d22bac82	90	#define SHA3_224_BLOCK_SIZE 144
1c8cc9e9 NM	91
1c8cc9e9 NM	92	#define SHA3_256_DIGEST_SIZE 32
d22bac82	93	#define SHA3_256_BLOCK_SIZE 136
1c8cc9e9 NM	94
1c8cc9e9 NM	95	#define SHA3_384_DIGEST_SIZE 48
d22bac82	96	#define SHA3_384_BLOCK_SIZE 104
1c8cc9e9 NM	97
1c8cc9e9 NM	98	#define SHA3_512_DIGEST_SIZE 64
d22bac82	99	#define SHA3_512_BLOCK_SIZE 72
1c8cc9e9	100
d22bac82 NM	101	/* For backwards compatibility */
	102	#define SHA3_224_DATA_SIZE SHA3_224_BLOCK_SIZE
	103	#define SHA3_256_DATA_SIZE SHA3_256_BLOCK_SIZE
	104	#define SHA3_384_DATA_SIZE SHA3_384_BLOCK_SIZE
	105	#define SHA3_512_DATA_SIZE SHA3_512_BLOCK_SIZE
1c8cc9e9	106
3271b8fa DU	107	struct sha3_128_ctx
	108	{
	109	struct sha3_state state;
	110	unsigned index;
	111	uint8_t block[SHA3_128_BLOCK_SIZE];
	112	};
	113
	114	void
	115	sha3_128_init (struct sha3_128_ctx *ctx);
	116
	117	void
	118	sha3_128_update (struct sha3_128_ctx *ctx,
	119	size_t length,
	120	const uint8_t *data);
	121
	122	void
	123	sha3_128_shake (struct sha3_128_ctx *ctx,
	124	size_t length,
	125	uint8_t *digest);
	126
	127	void
	128	sha3_128_shake_output (struct sha3_128_ctx *ctx,
	129	size_t length,
	130	uint8_t *digest);
	131
1c8cc9e9 NM	132	struct sha3_224_ctx
	133	{
	134	struct sha3_state state;
	135	unsigned index;
d22bac82	136	uint8_t block[SHA3_224_BLOCK_SIZE];
1c8cc9e9 NM	137	};
1c8cc9e9 NM	138
9cf94512 NM	139	void
	140	sha3_224_init (struct sha3_224_ctx *ctx);
	141
	142	void
	143	sha3_224_update (struct sha3_224_ctx *ctx,
b8bfc32f	144	size_t length,
9cf94512 NM	145	const uint8_t *data);
	146
	147	void
	148	sha3_224_digest(struct sha3_224_ctx *ctx,
b8bfc32f	149	size_t length,
9cf94512 NM	150	uint8_t *digest);
9cf94512 NM	151
1c8cc9e9 NM	152	struct sha3_256_ctx
	153	{
	154	struct sha3_state state;
	155	unsigned index;
d22bac82	156	uint8_t block[SHA3_256_BLOCK_SIZE];
1c8cc9e9 NM	157	};
	158
	159	void
	160	sha3_256_init (struct sha3_256_ctx *ctx);
	161
	162	void
	163	sha3_256_update (struct sha3_256_ctx *ctx,
b8bfc32f	164	size_t length,
1c8cc9e9 NM	165	const uint8_t *data);
	166
	167	void
	168	sha3_256_digest(struct sha3_256_ctx *ctx,
b8bfc32f	169	size_t length,
1c8cc9e9 NM	170	uint8_t *digest);
1c8cc9e9 NM	171
64a6def6 NM	172	/* Alternative digest function implementing shake256, with arbitrary
	173	digest size */
	174	void
	175	sha3_256_shake(struct sha3_256_ctx *ctx,
	176	size_t length,
	177	uint8_t *digest);
	178
dd9e7cb1 DU	179	/* Unlike sha3_256_shake, this function can be called multiple times
	180	to retrieve output from shake256 in an incremental manner */
	181	void
	182	sha3_256_shake_output(struct sha3_256_ctx *ctx,
	183	size_t length,
	184	uint8_t *digest);
	185
1c8cc9e9 NM	186	struct sha3_384_ctx
	187	{
	188	struct sha3_state state;
	189	unsigned index;
d22bac82	190	uint8_t block[SHA3_384_BLOCK_SIZE];
1c8cc9e9 NM	191	};
1c8cc9e9 NM	192
9cf94512 NM	193	void
	194	sha3_384_init (struct sha3_384_ctx *ctx);
	195
	196	void
	197	sha3_384_update (struct sha3_384_ctx *ctx,
b8bfc32f	198	size_t length,
9cf94512 NM	199	const uint8_t *data);
	200
	201	void
	202	sha3_384_digest(struct sha3_384_ctx *ctx,
b8bfc32f	203	size_t length,
9cf94512 NM	204	uint8_t *digest);
9cf94512 NM	205
1c8cc9e9 NM	206	struct sha3_512_ctx
	207	{
	208	struct sha3_state state;
	209	unsigned index;
d22bac82	210	uint8_t block[SHA3_512_BLOCK_SIZE];
1c8cc9e9 NM	211	};
1c8cc9e9 NM	212
9cf94512 NM	213	void
	214	sha3_512_init (struct sha3_512_ctx *ctx);
	215
	216	void
	217	sha3_512_update (struct sha3_512_ctx *ctx,
b8bfc32f	218	size_t length,
9cf94512 NM	219	const uint8_t *data);
	220
	221	void
	222	sha3_512_digest(struct sha3_512_ctx *ctx,
b8bfc32f	223	size_t length,
9cf94512 NM	224	uint8_t *digest);
9cf94512 NM	225
1c8cc9e9 NM	226	#ifdef __cplusplus
	227	}
	228	#endif
	229
	230	#endif /* NETTLE_SHA3_H_INCLUDED */